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REMARKS 

Please reconsider the application in view of the above amendments and the 
following remarks. Applicants thank the Examiner for carefully considering this 
application. 

Disposition of Claims 

Claims 1-26 are pending in this application. Claims 1, 11, and 18 are 
independent. The remaining claims depend, directly or indirectly, from claims 1,11, and 
18. 

Claim Amendments 

Claims 1, 2, 11, 12, 18, and 19 are amended to clarify the invention. Claims 4, 8, 
and 24 are amended to correct typographical errors. No new matter is added by way of 
these amendments. Support for these amendments can be found, for example, in pages 
13-15 and 22-32 of the Specification. 

Title Amendments 

The title is amended herein to correct typographical errors. 

Objection to the Drawings 

The Examiner objected to Figures 2 and 5 for not meeting quality and margin 
spacing requirements. Figures 2 and 5 are amended herein to correct the quality and 
margin spacing. Accordingly, withdrawal of this objection is respectfully requested. 
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Further, Applicants ask that the Examiner indicate all drawings are accepted in the next 
action. 

Rejection(s) under 35 U.S.C § 102 

Claims 1-5, 7-15, and 17-26 stand rejected under 35 U.S.C. § 102 as being 
anticipated by U.S. Patent No. 7,010,582 Bl (hereinafter "Cheng"). To the extent that 
this rejection may still apply to the amended claims, the rejection is respectfully 
traversed. 

As an initial matter, Applicants note that the Examiner stated that claim 23 is 
rejected under 35 U.S.C. § 102. However, the Examiner provided no basis for this 
rejection. See Office Action dated April 9, 2007 at page 4. Furthermore, the Examiner 
also stated that claim 23 is rejected under 35 U.S.C. § 103(a) and did provide a basis for 
that rejection. See Office Action dated April 9, 2007 at page 14. Therefore, for purposes 
of this response, Applicants are assuming that the Examiner intended to reject claim 23 
under 35 U.S.C. § 103(a) and erroneously included claim 23 in the list of claims rejected 
under 35 U.S.C. § 102. If this assumption is incorrect, clarification is requested. 

Turning to the rejection of the claims, "[a] claim is anticipated only if each and 
every element as set forth in the claim is found, either expressly or inherently described, 
in a single prior art reference." Further, "[fjhe identical invention must be shown in as 
complete detail as is contained in the ... claim." MPEP § 2131 (emphasis added). 
Applicants respectfully assert that Cheng does not expressly or inherently describe each 
and every element of claims 1-5, 7-15, 17-22, and 24-26. 

Amended independent claims 1 and 18 recite a method of performing single sign- 
on services that requires a central service provider and an artifact that can be used to 
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retrieve assertion information to authorize user access from the central service provider. 
Specifically, claims 1 and 18 recite, in part, 

generating, by a central service provider, assertion information comprising 

identity information associated with a user . . . ; 
generating, by said central service provider, a plurality of artifacts that are 

associated with said assertion information; and 

sending, by said central service provider, said plurality of artifacts to a 
group of trusted partner sites . . . , wherein each of said group of 
trusted partner sites can use an artifact of said plurality of artifacts 
to retrieve said assertion information from said central service 
provider to individually authorize access by said user. 

Emphasis added. 

In contrast, Cheng discloses a method for providing multi-domain, single sign-on 
(MDSSO) services that does not include a central service provider or the artifact as 
recited in claims 1 and 18. More specifically, in the method disclosed by Cheng, when a 
multiple domain single sign-on (MDSSO) server in a group of related MDSSO servers 
receives a request to access a protected URL from a browser on an end user device that 
does not include access control information, i.e., an MDSSO cookie, the MDSSO server 
authenticates the user and generates an MDSSO cookie. See Cheng at col. 6, lines 38-59. 
This MDSSO cookie is valid at any other MDSSO server in the group of related MDSSO 
servers. See Cheng at col. 6, lines 62-64. 

The MDSSO server then initiates a process of using the browser on the end user 
device to send the MDSSO cookie along with a hidden form to each of the other MDSSO 
servers. See Cheng at col. 8, lines 28-67. This process causes the browser to store the 
MDSSO cookie in a cookie jar for each of the other MDSSO servers. See Cheng at col. 
9, lines 1-37 and Abstract. The browser may then use the MDSSO cookie to access any 
of the MDSSO servers without requiring the user to re-authenticate. See Cheng at col. 6, 
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lines 38-42. Furthermore, when an MDSSO server receives an access request that 
contains the MDSSO cookie, the MDSSO server merely checks that the MDSSO cookie 
is valid before granting access. See Cheng at col. 6, lines 38-42. Cheng is absolutely 
silent regarding the use of an MDSSO cookie by one MDSSO server to retrieve anything 
further from the browser sending the request or from any other MDSSO server in order to 
grant access. 

Clearly, the method of Cheng is completely different from that cited in amended 
claims 1 and 18. Cheng does not disclose generating artifacts that can be used by trusted 
partner sites to retrieve assertion information to authorize user access from a central 
service provider, much less generating those artifacts by the central service provider and 
sending those artifacts to ihe trusted partner sites by the central service provider as 
required by claims 1 and 18. 

Amended independent claim 1 1 recites, in part, 

receiving a first artifact at a first trusted partner site from a central service 
provider, ... , said first artifact associated with assertion 
information comprising identity information associated with a user, 

sending said first artifact, by said first trusted partner site, to said central 
service provider ...to retrieve said assertion information; 

receiving said assertion information from said central service provider at 
said first trusted partner site . . and 

determining authorization for said user to access said first trusted partner 
site based on said assertion information. 

Emphasis added. 

As discussed above, Cheng discloses a method in which access control 
information, i.e., an MDSSO cookie, is initially generated by one MDSSO server in a 
group of related MDSSO servers and then stored on a browser in cookie jars associated 
with the other MDSSO servers. The browser may then use this MDSSO cookie when 
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accessing any of the MDSSO servers. An MDSSO server receiving the MDSSO cookie 
from the browser allows access without any further authentication of the user provided 
the MDSSO cookie is valid. The MDSSO server is not required to retrieve further 
information from the MDSSO server that originally generated the MDSSO cookie or 
from the browser sending the MDSSO cookie before allowing access. Therefore, Cheng 
cannot possibly disclose sending an artifact to a central service provider by a trusted 
partner site to retrieve assertion information, receiving the requested assertion 
information by the trusted partner site, and determining authorization based on the 
received assertion information as required by claim 11. 

In view of the above, Cheng fails to expressly or inherently describe each and 
every limitation of amended independent claims i, i i, and 18. Thus, independent claims 
1,11, and 18 are patentable over Cheng for at least the reasons given above. Dependent 
claims 2-5, 7-10, 12-15, 17, 19-22, and 24-26 are allowable for at least the same reasons. 
Accordingly, withdrawal of this rejection is respectfully requested. 

Rejection(s) under 35 U.S.C § 103 

Claims 6, 16, and 23 are rejected under 35 U.S.C. § 103 as being unpatentable 
over Cheng in view of U.S. Patent Application No. 2003/0177388 Al (hereinafter 
"Botz"). To the extent that this rejection may still apply to the amended claims, the 
rejection is respectfully traversed. 

To establish a prima facie case of obviousness, "[fjirst, there must be some 
suggestion or motivation, either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art, to modify the reference or to 
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combine reference teachings. Second, there must be a reasonable expectation of success. 
Finally, the prior art reference (or references when combined) must teach or suggest all 
the claim limitations." MPEP § 2143. Further, "all words in a claim must be considered 
in judging the patentability of that claim against the prior art." MPEP § 2143.03. 
Applicants respectfully assert that the references, when combined, fail to teach or suggest 
all the limitations of claims 6, 16, and 23. 

As discussed above, Cheng fails to disclose each and every limitation of 
independent claims 1, 11, and 18. Furthermore, Botz fails to disclose what Cheng lacks 
as is evidenced by the fact that the Examiner relies on Botz merely to disclose the use of 
the Security Assertions Markup Language (SAML). Thus, Cheng and Botz, whether 
considered separately or in combination, do not teach or suggest ail of the limitations of 
independent claims 1, 11, and 18. 

In view of the above, independent claim 1, 11, and 18 are patentable over Cheng 
and Botz for at least the reasons given above. Dependent claims 6, 16, and 23 are 
allowable over Cheng and Botz for at least the same reasons. Accordingly, withdrawal of 
this rejection is respectfully requested. 
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Conclusion 

Applicants believe this reply is fully responsive to all outstanding issues and 
places this application in condition for allowance. If this belief is incorrect, or other 
issues arise, the Examiner is encouraged to contact the undersigned or his associates at 
the telephone number listed below. Please apply any charges not covered, or any credits, 
to Deposit Account 50-0591 (Reference Number 03226/475001; P8956). 
Dated: July 6, 2007 Respectfully submitted, 



B y /Robert P. Lord/ 
Robert P. Lord 
Registration No.: 46,479 
OSHA • LIANG LLP 
1221 McKinney St., Suite 2800 
Houston, Texas 77010 
Attorney for Applicants 

Attachments: Replacement Sheets (8) 
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